Hi folks,
I've signed up with an Irish VoIP provider here and have also just received a Mikrotik HAP ac3 as our primary router. It's my first foray into Mikrotik so I'm slowly getting to grips with RouterBoard and also our new voice provider's features and control panels.
Our VoIP provider has sent me a sheet of recommended network / firewall requirements, primarily to support their IP deskphones and SIP trunks. I'm curious how much of this I need to setup in Routerboard and for some items, where it the most appropriate place to set it?
Is Mikrotik performing any form of DPI? For NTP, while I did try to run DHCP option 42, it's very hit and miss whether the router issues it or not so I'd prefer to just put a pass xy.pool.ntp.org in the firewall, if it's required that is. The IP deskphones are hard coded to pull from ie.pool.ntp.org
I've disabled the SIP service in the firewall which doesn't appear to cause issue whether it's on or off. The session timers I'm unsure of
I have added all IP ranges to an Address List which I'd intend to drop into a firewall rule but I'm wondering do I need to or should I be checking somewhere to see if traffic to any of these IP's is being blocked first?
I assume a number of these ports may already be open. Would it be a case I open them but limit for example the SIP ports to the IP ranges above?
These are device specific ports for the Poly IP deskphones. Any suggestions on a clean and safe method for adding these, perhaps limiting them to a specific IP on the LAN?
Happy to hear any tips or criticism. Thanks